Cisco Acano X-series

Cisco Meeting Server Release 2.0 : Scalable and Resilient Meeting Server Deployments

127

memberOf=cn=apac,cn=Users,dc=Example,dc=com

This imports both groups and people that are members of the APAC group.

To restrict to people (and omit groups), use:

(&(memberOf=cn=apac,cn=Users,dc=Example,dc=com)
(objectClass=person))

Using an extensible matching rule (LDAP_MATCHING_RULE_IN_CHAIN /
1.2.840.113556.1.4.1941), it is possible to filter on membership of any group in a
membership hierarchy (below the specified group); for example:

(&(memberOf:1.2.840.113556.1.4.1941:=cn=apac,cn=Users,dc=Example,

dc=com)(objectClass=person))

Other good examples which you can adapt to your LDAP setup include:

Filter that adds all Person and User except the ones defined with a !

(&(objectCategory=person)(objectClass=user)(!(cn=Administrator))
(!(cn=Guest))(!(cn=krbtgt)))

Filter that adds same as above (minus krbtgt user) and only adds if they have a
sAMAccountName

(&(objectCategory=person)(objectClass=user)(!(cn=Administrator))
(!(cn=Guest))(sAMAccountName=*))

Filter that adds same as above (Including krbtgt user) and only adds if they have a
sAMAccountName

(&(objectCategory=person)(objectClass=user)(!(cn=Administrator))
(!(cn=Guest))(!(cn=krbtgt))(sAMAccountName=*))

This filter only imports specified users within (|( tree

(&(objectCategory=person)(objectClass=user)(|(cn=accountname)
(cn=anotheraccountname)))

Global Catalog query to import only members of specified security group (signified with
=cn=xxxxx

(&(memberOf:1.2.840.113556.1.4.1941:=cn=groupname,cn=Users,

dc=example,dc=com)(objectClass=person))

4. Set up the Field Mapping Expressions

The field mapping expressions control how the field values in the Meeting Server’s user
records are constructed from those in the corresponding LDAP records. Currently, the
following fields are populated in this way:

Display Name

User name

15 LDAP configuration